Books

Cybersecurity Library

Here you will find links to classic Cybersecurity books, reports and theory.

It is worth noting also that the listed items are written for a whole range of different audiences, interests, expertise levels and purposes – choose wisely!

So far as we know any divulged information in the following documents is either not covered by copyright or else the copyright has been released.

Recent Books

1. Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies–and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats-it was an old fashioned confidence game that required guile and deception to trick the unwitting out of valuable information.

2. The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
In his first book since the bestselling Fermat’s Enigma, Simon Singh offers the first sweeping history of encryption, tracing its evolution and revealing the dramatic effects codes have had on wars, nations, and individual lives. From Mary, Queen of Scots, trapped by her own code, to the Navajo Code Talkers who helped the Allies win World War II, to the incredible (and incredibly simple) logisitical breakthrough that made Internet commerce secure, The Code Book tells the story of the most powerful intellectual weapon ever known: secrecy.

3. The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage
Before the Internet became widely known as a global tool for terrorists, one perceptive U.S. citizen recognized its ominous potential. Armed with clear evidence of computer espionage, he began a highly personal quest to expose a hidden network of spies that threatened national security. But would the authorities back him up? Cliff Stoll’s dramatic firsthand account is “a computer-age detective story, instantly fascinating [and] astonishingly gripping” (Smithsonian).

4. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon
Top cybersecurity journalist Kim Zetter tells the story behind the virus that sabotaged Iran’s nuclear efforts and shows how its existence has ushered in a new age of warfare—one in which a digital attack can have the same destructive capability as a megaton bomb. In January 2010, inspectors with the International Atomic Energy Agency noticed that centrifuges at an Iranian uranium enrichment plant were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the technicians replacing the centrifuges as to the inspectors observing them.

5. Cyber War: The Next Threat to National Security and What to Do About It
Author of the #1 New York Times bestseller Against All Enemies, former presidential advisor and counter-terrorism expert Richard A. Clarke sounds a timely and chilling warning about America’s vulnerability in a terrifying new international conflict—Cyber War! Every concerned American should read this startling and explosive book that offers an insider’s view of White House ‘Situation Room’ operations and carries the reader to the frontlines of our cyber defense. Cyber War exposes a virulent threat to our nation’s security. This is no X-Files fantasy or conspiracy theory madness—this is real.

6. Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the twenty-first century’s signature form of organized crime. The word spread through the hacking underground like some unstoppable new virus: Someone—some brilliant, audacious crook—had just staged a hostile takeover of an online criminal network that siphoned billions of dollars from the US economy.

7. Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door
In Spam Nation, investigative journalist and cybersecurity expert Brian Krebs unmasks the criminal masterminds driving some of the biggest spam and hacker operations targeting Americans and their bank accounts. Tracing the rise, fall, and alarming resurrection of the digital mafia behind the two largest spam pharmacies-and countless viruses, phishing, and spyware attacks-he delivers the first definitive narrative of the global spam problem and its threat to consumers everywhere.

8. The Art of Deception: Controlling the Human Element of Security
The world’s most infamous hacker offers an insider’s view of the low-tech threats to high-tech security Kevin Mitnick’s exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world’s most notorious hacker gives new meaning to the old adage, “It takes a thief to catch a thief.”

10. @War: The Rise of the Military-Internet Complex
The wars of the future are already being fought today. The United States military currently views cyberspace as the “fifth domain” of warfare (alongside land, air, sea, and space), and the Department of Defense, the National Security Agency, and the CIA all field teams of hackers who can, and do, launch computer virus strikes against enemy targets. As recent revelations have shown, government agencies are joining with tech giants like Google and Facebook to collect vast amounts of information, and the military has also formed a new alliance with tech and finance companies to patrol cyberspace.

11. Worm: The First Digital World War
The Conficker worm infected its first computer in November 2008 and within a month had infiltrated 1.5 million computers in 195 countries. Banks, telecommunications companies, and critical government networks (including the British Parliament and the French and German military) were infected. No one had ever seen anything like it. By January 2009 the worm lay hidden in at least eight million computers and the botnet of linked computers that it had created was big enough that an attack might crash the world.

12. Beyond Fear: Thinking Sensibly About Security in an Uncertain World.
In Beyond Fear, Bruce Schneier invites us to take a critical look at not just the threats to our security, but the ways in which we’re encouraged to think about security by law enforcement agencies, businesses of all shapes and sizes, and our national governments and militaries. Schneier believes we all can and should be better security consumers, and that the trade-offs we make in the name of security – in terms of cash outlays, taxes, inconvenience, and diminished freedoms – should be part of an ongoing negotiation in our personal, professional, and civic lives, and the subject of an open and informed national discussion.

13. Cypherpunks: Freedom and the Future of the Internet
Cypherpunks are activists who advocate the widespread use of strong cryptography (writing in code) as a route to progressive change. Julian Assange, the editor-in-chief of and visionary behind WikiLeaks, has been a leading voice in the cypherpunk movement since its inception in the 1980s. Now, in what is sure to be a wave-making new book, Assange brings together a small group of cutting-edge thinkers and activists from the front line of the battle for cyber-space to discuss whether electronic communications will emancipate or enslave us.

14. Schneier on Security
Presenting invaluable advice from the world?s most famous computer security expert, this intensely readable collection features some of the most insightful and informative coverage of the strengths and weaknesses of computer security and the price people pay — figuratively and literally — when security fails. Discussing the issues surrounding things such as airplanes, passports, voting machines, ID cards, cameras, passwords, Internet banking, sporting events, computers, and castles, this book is a must-read for anyone who values security at any level — business, technical, or personal.

15. Internet Forensics: Using Digital Evidence to Solve Computer Crime
Because it’s so large and unregulated, the Internet is a fertile breeding ground for all kinds of scams and schemes. Usually it’s your credit card number they’re after, and they won’t stop there. Not just mere annoyances, these scams are real crimes, with real victims. Now, thanks to Internet Forensics from O’Reilly, there’s something you can do about it. This practical guide to defending against Internet fraud gives you the skills you need to uncover the origins of the spammers, con artists, and identity thieves that plague the Internet.

16. Evolution of Cyber Technologies and Operations to 2035 (Advances in Information Security)
This book explores the future of cyber technologies and cyber operations which will influence advances in social media, cyber security, cyber physical systems, ethics, law, media, economics, infrastructure, military operations and other elements of societal interaction in the upcoming decades. It provides a review of future disruptive technologies and innovations in cyber security. It also serves as a resource for wargame planning and provides a strategic vision of the future direction of cyber operations. It informs military strategist about the future of cyber warfare.

17. Secrets and Lies: Digital Security in a Networked World
This anniversary edition which has stood the test of time as a runaway best-seller provides a practical, straight-forward guide to achieving security throughout computer networks. No theory, no math, no fiction of what should be working but isn’t, just the facts. Known as the master of cryptography, Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. A much-touted section: Schneier’s tutorial on just what cryptography (a subset of computer security) can and cannot do for them, has received far-reaching praise from both the technical and business community.

18. Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers

A collaboration between Palo Alto Networks and the New York Stock Exchange, this book is offered free of charge through the Security Roundtable website with the goal of providing a solid reference to “enlighten the community” on the importance of cybersecurity. Over 30 different contributors came together to produce content that covers everything from the fundamentals of cybersecurity to how corporate executives should handle and report security breaches. It also includes detailed information on U.S. government standards for creating cybersecurity frameworks.

19. Security Metrics: Replacing Fear, Uncertainty and Doubt

Cybersecurity professionals need a reliable way to assess and predict potential threats and losses relating to security breaches. This book suggests that current methods such as risk assessments based on probability fall short when it comes to accuracy. The proposed solution is for businesses and organizations to capture and analyze security metrics, and the book includes detailed information about just what should be monitored. Methods for reviewing and interpreting these metrics are also included, making this a useful manual for anyone working in cybersecurity.

20. Zero Day

If you’re looking for something less complex that still provides an accurate picture of what’s going on in cybersecurity, this novel can give you that mental break. Although the story is fictional, the scenario it depicts of a cybersecurity attack on an airplane’s on-board computer isn’t at all unrealistic. Several references to real cyberattacks are included, and descriptive language brings the mechanics of these threats to life in a way that a wide audience can understand and appreciate. You won’t get any technical knowledge from this book, but its subject matter is timely enough to make you think more critically about current cybersecurity issues.

Founding, building, and nurturing a Cybersecurity Science for everyone. We are a one-stop-shop for learning from—and contributing to—the latest findings and new scientific thinking emerging from the computer security community.

We extend a warm welcome to you, and an open invitation to get involved; no matter what your expertise level; and do contribute ideas, thoughts and experiences for the benefit of all.

SCIENCE OF CYBERSECURITY FRAMEWORK

In order to establish a logically coherent statement of basic theory, and to enable orderly progression of the same; we hereby define the Science Of Cybersecurity Framework (SCF).

Whereby, the SCF comprises all of the fundamental Cybersecurity axioms, principles, concepts, events and processes etc. The upshot is a complete characterisation of the entire subject matter of Information Security.

The purpose of the SCF is not to list, in an exhaustive fashion, every possible instance of a Cybersecurity failure/vulnerability and/or protective measure; but rather to define all of the logical elements that could possibly comprise the same. In other words, the SCF seeks to identify all of the universals of Cybersecurity, in the belief that any particulars will naturally follow.

WE NEED YOU!

Obviously development of a new science—is not the job of one person alone; but rather science can only arise, evolve and progress through consensus; and by the power of multiple brains.

Consequently, we invite members of the Cybersecurity community to get involved and contribute to this effort.

The Science of Cybersecurity – by Alan Radley (2017). Free digital edition is here, and the printed edition is on Amazon here.

Sample Reviews

Excellent read! Succinct and accurate on a subject that normally wanders into tangential discussions confusing and diffusing the goal… Radley breaks down today’s hottest topic in a way that provides reference to students as well as guidance to the more learned… I found it spot on and a fine addition to the body of work on cyber-security but specifically to the discussion of privacy within communications… I see this as a reference document for students studying cyber security as well as an excellent read for CTOs, CSOs, CISOs, and CEOs laboring over how to analyze their needs for increased security… allows you to hit the highlights or dive deeper into the subject with your many charts, diagrams, and glossary of terms.

Will no doubt be recognized as one of the seminal works on security, establishing definitions and clarity where others have dealt with assumptions… it is not very often that one is exposed to a work that is truly ground breaking in a field, but this is one of those works. Rather than expounding on the implementation of security as many do, Dr. Alan Radley astutely asks (and then suggests an answer for) the rather naive, yet deceptively complex question “What is security?”, or more precisely “How does one characterize a communication system for secure data transfer?” As Dr. Radley examines this question, the reader becomes aware that the answer is much more elusive than one first assumes.

As Dr. Radley builds a working compendium of definitions needed to examine the issue, the reader becomes more and more aware that the current vernacular is insufficient for discussing secure communication at a philosophical level, and if we cannot agree on what it means to be secure or private in thought, how can we accomplish it in act? It is here, laying the foundation of formal definition of socially secure communication, that Dr. Radley’s work is groundbreaking and will no doubt be referenced by many works to come.

As cyber education evolves to meet the pace of change in our digital world so does the need for good reference books.. a timely and spot on publication that I shall be recommending to my students; well done Dr Radley.

Professor Richard Benham – National Cyber Skills Centre, UK.

An excellent read and would definitely recommend this to our AISA members as a way to get a different perspective on security.

In a world full of privacy breaches, Radley timely develops a framework that delves into complexity of technical and human-centric factors that affect our perception of privacy and cybersecurity. I recommend this book to everyone who is interested in making our cyber world more secure.

Vitali Kremez (6/2/2016) – CyberCrime Investigative Analyst.

The book provides the reader with an accurate and objective view of the life-cycle of the exposures and vulnerabilities which are associated with the technological shadow cast over all individuals, and organisations. This is a unique piece of work… an excellent read, and deserves a place on every security professional’s bookshelf who is seeking a balanced and objective view of the current, and futuristic Cyber Security Landscape.

Professor John Walker – Nottingham Trent University.

Alan Radley makes sense of the complexities which ordinarily restrict this topic to IT people only… required reading for anyone focused on secure and private communication… What’s more, Alan’s no-nonsense approach and fearless honesty, is refreshing. I recommend this to those interested in making certain that their communication is more private, secure and resilient.

Bill Montgomery – CEO – Connect In Private.

A brilliant book! Did it make me wiser? Yes…

Pantazis Kourtis – Member of the Board of Directors at London Chapter at ISACA.

I commend this book to a wide readership. Well done Sir, more please.

Tony Collings OBE -Chairman – The ECA Group.

A very concise body of work, that belies its length for the practical application of useful data in a highly complex area… should be required reading for anyone providing third party services whereby their security claims cannot be held up without transparency. Ignore this work at your peril.

Christian Rogan – Vice President, Royal Holloway Enterprise Centre.

I highly recommend this book for individuals interested in understanding the challenges facing the security and information assurance specialist. Dr. Radley’s direct approach provides an excellent read and can enable valuable insights into an extremely complex topic such as security.

What Kind Of A Science Is Cybersecurity?

Cybersecurity is impossible to develop as a logical subject of study—without first establishing an observational science that identifies what we are dealing with in the first place.

Ergo, we become able to know what kinds of phenomena to look for, measure, model and control. Thus we define a set of Absolute Security metrics—and accordingly fully prescribe the various classes/types of Cybersecurity vulnerabilities—plus evolve truly effective countermeasures… >>

Avoid Hacking And data-Breaches With KeyMail

‘Cloud’ copies are highly vulnerable to hacking; largely because they will be around for a very long time—possibly forever—and as a result may be subject to innumerable future hacking attacks.

For Absolute Security in interpersonal communications, the KeyMail file-transfer protocol eliminates ‘cloud’ copies altogether; whereby client data transfers directly between devices. We call this Single-Copy-Send—and the upshot is that there are no vulnerable ‘third-party’ copies to attack, and hence no hacking risks… >>